Hacker News new | comments | show | ask | jobs | submit login

Right, then, so these aren't really security tests. I'm suggesting you reword that bit on your page; passing test vectors doesn't make something more trustworthy; it's table stakes.

I'm not saying you shouldn't write tests for misuse cases! You should do that.




Okay, what's a security test? How is it any different from a mere correctness test? Can you suggest some link to read up, or some tool to use?


See e.g. https://github.com/google/wycheproof

Fuzzing tests can also uncover weird bugs and edge cases that can lead to vulnerabilities.




Applications are open for YC Winter 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: